🐛 fix(docker): Update Dockerfiles to create non-root user with proper permissions

docker/ppanel-admin-web/Dockerfile

@@ -5,17 +5,21 @@ FROM oven/bun:latest AS base
 WORKDIR /app
 
 # Create a non-root user for running the production application
-RUN addgroup --system --gid 1001 nodejs \
+RUN apt-get update \
-    && adduser --system --uid 1001 nextjs
+ && apt-get install -y --no-install-recommends adduser \
-
+ && rm -rf /var/lib/apt/lists/* \
-# Change to non-root user
+ && addgroup --system --gid 1001 nodejs \
-USER nextjs
+ && adduser --system --uid 1001 --ingroup nodejs --home /nonexistent --shell /usr/sbin/nologin nextjs
 
 # Copy necessary files for production
 COPY ./apps/admin/.next/standalone ./
 COPY ./apps/admin/.next/static ./apps/admin/.next/static
 COPY ./apps/admin/public ./apps/admin/public
 
+# Change to non-root user
+RUN chown -R nextjs:nodejs /app
+USER nextjs
+
 # Disable Next.js telemetry at runtime
 ENV NEXT_TELEMETRY_DISABLED=1
 

docker/ppanel-user-web/Dockerfile

@@ -5,17 +5,19 @@ FROM oven/bun:latest AS base
 WORKDIR /app
 
 # Create non-root user and set permissions
-RUN addgroup --system --gid 1001 nodejs \
+RUN apt-get update \
-    && adduser --system --uid 1001 nextjs
+ && apt-get install -y --no-install-recommends adduser \
+ && rm -rf /var/lib/apt/lists/* \
+ && addgroup --system --gid 1001 nodejs \
+ && adduser --system --uid 1001 --ingroup nodejs --home /nonexistent --shell /usr/sbin/nologin nextjs
 
 # Copy build output and static files
 COPY ./apps/user/.next/standalone ./
 COPY ./apps/user/.next/static ./apps/user/.next/static
 COPY ./apps/user/public ./apps/user/public
 
-# Change ownership to non-root user
+# Change to non-root user
 RUN chown -R nextjs:nodejs /app
-
 USER nextjs
 
 # Disable Next.js telemetry